CPR discovered vulnerable functions inside MSGraph. Similar code checks confirmed that the vulnerable function was commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.
The latest tools inject malicious macros or references to remote templates into existing documents on the attacked system, which is a very efficient way of moving within an organization’s network, as documents are routinely shared amongst colleagues.